On 2020/07/30 8:21, Dave Chinner wrote:
On Wed, Jul 29, 2020 at 11:23:21AM +0900, Yasunori Goto wrote:
> On 2020/07/28 11:20, Dave Chinner wrote:
>> On Tue, Jul 28, 2020 at 02:00:08AM +0000, Li, Hao wrote:
>>> I have noticed that we have to drop caches to make the changing of S_DAX
>>> flag take effect after using chattr +x to turn on DAX for a existing
>>> regular file. The related function is xfs_diflags_to_iflags, whose
>>> second parameter determines whether we should set S_DAX immediately.
>> Yup, as documented in Documentation/filesystems/dax.txt. Specifically:
>> 6. When changing the S_DAX policy via toggling the persistent FS_XFLAG_DAX
>> the change in behaviour for existing regular files may not occur
>> immediately. If the change must take effect immediately, the
>> needs to:
>> a) stop the application so there are no active references to the data set
>> the policy change will affect
>> b) evict the data set from kernel caches so it will be re-instantiated
>> the application is restarted. This can be achieved by:
>> i. drop-caches
>> ii. a filesystem unmount and mount cycle
>> iii. a system reboot
>>> I can't figure out why we do this. Is this because the page caches in
>>> address_space->i_pages are hard to deal with?
>> Because of unfixable races in the page fault path that prevent
>> changing the caching behaviour of the inode while concurrent access
>> is possible. The only way to guarantee races can't happen is to
>> cycle the inode out of cache.
> I understand why the drop_cache operation is necessary. Thanks.
> BTW, even normal user becomes to able to change DAX flag for an inode,
> drop_cache operation still requires root permission, right?
Step back for a minute and explain why you want to be able to change
the DAX mode of a file -as a user-.
For example, there are 2 containers executed in a system, which is named as
container A and container B, and these host gives FS-DAX files to each
If the user of container A would like to change DAX-off for tuning, then
he will stop his application
and change DAX flag, but the flag may not be changed.
Then he will "need" to ask host operator to execute drop_cache, and the
operator did it.
As a result, not only container A, but also container B get the impact
Especially, if this is multi tenant container system, then I think this
is not acceptable.
Probably, there are 2 problems I think.
1) drop_cache requires root permission.
2) drop_cache has too wide effect.
> So, if kernel have a feature for normal user can operate drop cache for "a
> inode" with
> its permission, I think it improve the above limitation, and
> we would like to try to implement it recently.
No, drop_caches is not going to be made available to users. That
makes it s trivial system wide DoS vector.
The current drop_cache feature tries to drop ALL of cache (page cache
and/or slab cache).
Then, I agree that normal user should not drop all of them.
But my intention was that drop cache of ONE file which is changed dax flag,
(and if possible, drop only the inode cache.)
Do you mean it will be still cause of weakness against DoS attack?
If so, I should give up to solve problem 1) at least.